Spec URL: http://konradm.fedorapeople.org/fedora/SPECS/chntpw.spec
SRPM URL: http://konradm.fedorapeople.org/fedora/SRPMS/chntpw-0.99.6-1.fc9.src.rpm
Description:
This is a utility to (re)set the password of any user that has a valid
(local) account on your Windows NT/2k/XP/Vista etc system. You do not
need to know the old password to set a new one. It works offline, that
is, you have to shutdown your computer and boot off a floppydisk or CD
or another system. Will detect and offer to unlock locked or disabled
out user accounts! There is also a registry editor and other registry
utilities that works under linux/unix, and can be used for other things
than password editing.

I can't see why you don't use the initial Makefile. Something along
make CC="%__cc" CFLAGS="$RPM_OPT_FLAGS" LIBS="-lcrpyto" chntpw cpnt reged
And use simple cp or install to install the resulting executables.
Using cmake while upstream doesn't seems too much to me.
openssl in requires is not useful, it is automatically found by rpm.
It is better to avoid using Fedora whenever possible, so please rename
README.Fedora to something more neutral like README.Dist
cp should be cp -p to keep timestamp.
Also I suggest using
%{_mandir}/man8/%{name}.8*
to catch any kind of compression.
I am afraid that, if accepted, you'll need contact legal (through spot,
he is the contact) because of the crypto and export stuff.

> I can't see why you don't use the initial Makefile.
The initial Makefile seemed horribly broken enough to warrant replacement (-m32 among other things!). If it builds using correct Fedora flags with make like you suggest I don't see any problem using the original Makefile though.
> openssl in requires is not useful, it is automatically found by rpm.
Ok.
> It is better to avoid using Fedora whenever possible, so please rename
> README.Fedora to something more neutral like README.Dist
> cp should be cp -p to keep timestamp.
> Also I suggest using %{_mandir}/man8/%{name}.8* to catch any kind of
> compression.
Ok.
> I am afraid that, if accepted, you'll need contact legal (through spot,
> he is the contact) because of the crypto and export stuff.
I'll contact him.

I'd prefer if the chntpw-README.Fedora was also renamed. The main aim of
not having 'Fedora' is to be reused, so it shouldn't be anywhere:
https://fedoraproject.org/wiki/PackageMaintainers/Packaging_Tricks
The -p for keeping timestamps is notfor newly created executables, since
their timestamp is the one of the build anyway, but for the files that
may have their timestamps kept, here the man page and README file.
Just a suggestion, staticaly compiled executable should be kept, they
don't do harm (and could even be used in-source), even though they are
not of use in fedora.
I also suggest a comment in the spec file telling where the version comes
from since the source archive has another version string.

* rpmlint is silent
* follow guidelines
* free software, license included
* match upstream:
09addfe7ae469677da39ed66d83858d3 chntpw-source-080526.zip
* %files section right
Just one suggestion, I think it is better to use sed for the
end of line, and to keep timestamp, like:
sed -e 's/\r$//' WinReg.txt > WinReg.txt.eol
touch -c -r WinReg.txt WinReg.txt.eol
mv WinReg.txt.eol WinReg.txt
This is only asuggestion, so
APPROVED